CVE-2023-5084: Fix XSS in edit server and add package · hestiacp/hestiacp@5131f5a
Cross-site Scripting (XSS) - Reflected in GitHub repository hestiacp/hestiacp prior to 1.8.8.
@@ -9,7 +9,7 @@
NOTIFICATIONS_EMPTY: '<?= _(“No notifications”) ?>’,
NOTIFICATIONS_DELETE_ALL: '<?= _(“Delete all notifications”) ?>’,
CONFIRM_LEAVE_PAGE: '<?= _(“Are you sure you want to leave the page?”) ?>’,
ERROR_MESSAGE: '<?= !empty($_SESSION[“error_msg”]) ? htmlentities($_SESSION[“error_msg”]) : “” ?>’,
ERROR_MESSAGE: '<?= !empty($_SESSION[“error_msg”]) ? htmlentities($_SESSION[“error_msg”],ENT_QUOTES) : “” ?>’,
BLACKLIST: '<?= _(“BLACKLIST”) ?>’,
IPVERSE: ‘<?= _(“IPVERSE”) ?>’
});
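Review bot: On the changed ERROR_MESSAGE line, htmlentities() is HTML-context encoding, but the value is written into a single-quoted JavaScript string literal, so the encoder does not match the sink. ENT_QUOTES now covers the single quote, yet backslashes and line breaks in $_SESSION["error_msg"] still pass through unchanged and can break the literal. Consider encoding for the JavaScript context instead, for example emitting the value with json_encode() and the JSON_HEX_TAG | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_HEX_AMP flags in place of the hand-written quotes, and HTML-escaping wherever the message is later inserted into the DOM. The neighbouring _() translation strings are written into the same kind of literal with no escaping at all, so an apostrophe in a translation would break the object; they would benefit from the same treatment.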